PT-2022-9008 · Hitachi · Hitachi Ops Center Viewpoint+2
Published
2022-11-01
·
Updated
2023-03-01
·
CVE-2020-36605
CVSS v3.1
6.6
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
Hitachi Infrastructure Analytics Advisor versions 2.0.0-00 through 4.4.0-00
Hitachi Ops Center Analyzer versions 10.0.0-00 through 10.8.0-00
Hitachi Ops Center Viewpoint versions 10.8.0-00 through 10.8.x
Description
The issue allows local users to read and write specific files due to incorrect default permissions in the Analytics probe component of Hitachi Infrastructure Analytics Advisor on Linux, the Analyzer probe component of Hitachi Ops Center Analyzer on Linux, and the Viewpoint RAID Agent component of Hitachi Ops Center Viewpoint on Linux.
Recommendations
For Hitachi Infrastructure Analytics Advisor versions 2.0.0-00 through 4.4.0-00, update to a version after 4.4.0-00.
For Hitachi Ops Center Analyzer versions 10.0.0-00 through 10.8.0-00, update to version 10.9.0-00 or later.
For Hitachi Ops Center Viewpoint versions 10.8.0-00 through 10.8.x, update to version 10.9.0-00 or later.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hitachi Infrastructure Analytics Advisor
Hitachi Ops Center Analyzer
Hitachi Ops Center Viewpoint